Posted by Soulskill on Friday July 29, 2011 @04:38PM from the rest-in-peace dept.

hackingbear writes "The Xinhua news agency reports that a signaling equipment circuit design flaw and lack of safety alertness in railway management caused a high-speed train to ram into a stalled train near the city of Wenzhou in east China's Zhejiang Province on Saturday, leaving 40 people dead and 191 injured. A lightning strike triggered the malfunction, which resulted in a green alert light failing to turn red, leaving railway personnel unaware of the stalled train, the official said. The Beijing National Railway Research and Design Institute of Signal and Communication Co., which was responsible for designing and building the signaling system, has posted an apology letter on its website, offering condolences and promising to 'shoulder any due punishments that may result from the investigation.' Domestic media has raised more questions over the explanation. 'Why was such seriously flawed equipment in use for nearly two years without being detected? Why was it installed in as many as 76 rail stations across the country? Are there other problems with the railway apart from equipment flaws?'"

It is worth pointing out that the Chinese public seem largely skeptical of the "lightning strike" explanation. It seems reasonable to me, but I think this is being grasped by some in China as a way to vent their general distrust of government information.

As long as the engineers are allowed to approach it from the "let's fix the problem" angle, it should probably turn out alright (in the future). It really depends on how the government responds to public outcry.

It does appear that there is a tipping point being reached here. The media, even state-run media, is becoming bolder, and the Chinese leadership seemingly less willing to just smash skulls to get rid of bad news. Fifty years ago, most Chinese people would not have even heard of the rail accident, and those that did would have kept their mouths shut. Now, suddenly, you have journalists openly demanding heads roll and demanding to know why the government let what they believe to be a faulty system be installed.

Of course, it doesn't help that the propaganda wing of the Chinese government was caught red-handed sending dictates to news outlets to only report positive news surrounding the accident. That's another amazing thing, that people who leaked such dictates are still walking and talking.

Not only that, but the conspiracy theorists are seen as having as much (if not more) credibility as the news. The more the government tries to hide stuff, the more it looks like it has something to hide, and people start to believe anything. Really weird stuff is bubbling to the surface (not just the cancelled rescue effort), and there's nothing the government can do to refute it as people just assume they are lying. Even normal people who support the government (or just try to shoot down crazy conspiracy t

There's a video on Youtube, showing a horde of backhoes digging a hole, and burying the train. The government claims that it was a security measure, i.e., dispose of the modern technology so that outsiders couldn't recover and examine the government secret hardware onboard the train. In the video, two bodies fall from the cars as they are being moved from the bridge and buried. While most people are shocked at the idea of bodies falling out of the cars - I point them out only to emphasize the fact that the

1. Rescue efforts were called off twice, first time 5 HOURS after accident, and again 3 hours later, with officials claiming both times there were no more signs of life. Survivors were pulled out after each time. When questioned about why this could happen, railway ministry spokesman calls finding survivors "a miracle". Press and public extremely disgusted at irresponsible rescue effort and crassness in public relations. Railway spokesman says they relied on on-site rescue officials in making the determination, with quote "it doesn't matter whether you believe them or not, I believe them" -- which has now become a meme used to mock gov officials.

2. Removal and dismantling of wreckage began HOURS after accident. Wreckage was broken up and BURIED on site for some reason, leaving experts and lay public shocked and dumbfounded. Public suspicion is that the railway ministry was trying to hide evidence, pointing to the way other nations handle accident scenes (not touching it until investigators have combed through everything). The dismantling and burial was caught on amateur film, which shows 2 bodies falling out of the wreckage as a team of excavator machines break the train carriages apart for on-site burial. MUCH anger over this issue.

3. Victim families were immediately offered 172,000 RMB government compensation plus 50,000 RMB "early signing bonus" to those who agree quickly. Chinese internet explodes again in disgust at the thought of using the phrase "award money" for death compensation, and of trying to rush grieving families into legal settlements. It looked like they were selling condos rather than giving financial aid. Most families refuse, saying they want answers rather than money. Internet is filled with posts comparing the disparity between compensation amounts for foreign nationals who die in China vs Chinese citizens -- tens of millions of RMB vs hundreds of thousands. Also comparisons to Chinese nationals who die in other countries (mainland tourists who died in Taiwan: 1.8 million RMB each). Yesterday, after Premier Wen visited the site, the compensation package was raised to a minimum of 915,000 RMB. People still calling this insultingly low.

4. Second day of the accident, media was informed of official narrative and government directive. Press is ordered to use only the official name for the accident, devote most of their air time to stories of rescue heroism, and forbidden from investigating on their own initiative. Some journalists are rebelling, with public offering support but also voicing apprehension about safety of these journalists.

5. Official death toll is currently at 40 with the passing of a critically injured passenger yesterday. The passenger manifest is still not public. List of dead, missing, and injured is still not released, even though the railway moved to an ID card-based ticketing system earlier this year, which would make this information computerized and easily accessible. Public is comparing this to the release of names of deceased in the Norway shooting incident. Public suspicion is that the real death toll is far above 40. Much frustration directed at railway ministry and government over lack of information.

There's a lot more controversies here but those are the main ones. This has blown up to a HUGE national discussion about transparency and government accountability. Much disgust on the Chinese internet over the handling of this accident.

Shanghaiist and especially Chinasmack tend to republish a lot of rumors without bothering to verify them. If you want to get some facts, better check Robert Soong's EastSouthWestNorth [zonaeuropa.com] blog.

I think you may have misunderstood what Chinasmack actually does. Fauna does a great job in translating the popular threads on the mainland China BBSs - latest stories, pictures, videos, and topics that are "hot".

Chinasmack is not a news organisation in any way. Fauna translates what the thread posters said. Chinasmack is not there to "verify" what is being posted but to help outsiders and those without Chinese language skills to understand what is being said / posted on mainland discussion sites.

This is why I value Roland's EastNorthWestSouth blog as so much better. Not only does he translate a lot of the hottest topics that are being discussed in China, but he also provides valuable background information, comments and "reality checks".

Chinasmack is not there to "verify" what is being posted but to help outsiders and those without Chinese language skills to understand what is being said / posted on mainland discussion sites.

Not everybody knows this and may end up endlessly reposting rumors as facts because, well, he found them on some "English" sites...

5.... The passenger manifest is still not public. List of dead, missing, and injured is still not released,

The Shanghai metro distributes a daily free magazine called Metro Express [metrosh.com], which is read by every commuter on their daily ride to work (a couple of millions?). They have been extensively covering the accident and some days ago published the complete list of victims, including names and parts of their ID card number. This is how I found out one of the victims was an Italian woman, by the way.

From another post:

Now, suddenly, you have journalists openly demanding heads roll and demanding to know why the government let what they believe to be a faulty system be installed.

Thanks poity. It's been very hard to get info on these events, inside and outside China. Outside of China the news agencies barely touched it, preferring to concentrate on whatever took the place of congressional penises.

There are often disparaging articles and comments about trains, mass transit, and Amtrak whenever there is a crash in the US. For some reason, some people seem to hate trains and enjoy disasters involving them. The racist/xenophobic dimension of the current commentary is different, but the attitude is similar.

I actually don't think that racism has much to do with it. People online can be horrible and disgusting in response to anything -- the fact that it happened in China just means that the reactions will include racist overtones because it makes these reactions more offensive. There are plenty of trolls (and sometimes just bored kids that don't know any better) that will just be offensive because it's "fun". They like seeing the reactions to their reactions, and they know how to push people's buttons. I'm will

The callousness of the government and the companies that have been executing the scam called "China speed train" is disgusting. People have been pointing out the problems and predicting that accidents due to faulty designs will happen. The people who built the train are responsible, disgusting and what not, not the people who call them out.

The people in charge of the system, and those in charge of overseeing those in charge, are responsible. For the most part, China bought some trains and tracks then reverse engineered them before copying all over the country. It's not a Swedish or Japanese design fault. Meanwhile, blame has been passed to the engineering center in China that designed the circuit. Total bullshit.

One more thing. A Chinese family I know told me recently that there have been several incidents that never made it into the new

Life-critical systems should have a dead-man switch, and/or a watchdog timer. The moment it was struck by lightning, the fact that part of the system didn't "report back" should have prevented the train from moving. If the lightning strike happened while the train was moving, then it should have triggered a mechanism that slows down the train to a halt. This is similar to how, if an elevator's power is cut, it expands "claws" into safety rails.

EOS failures can do funny things. Single IOs can fail while the rest of the chip works fine. It's hard to catch such problems. Ideally during startup, you'd run a test on every pin to make sure they're all still working. Even if the lightning strike occurred immediately before the crash, I would hope that after being hit by lightning they'd stop and test their systems.

This sounds like it's more a problem with their safety protocols, and less a problem with the particular circuit that failed.

EOS failures can do funny things. Single IOs can fail while the rest of the chip works fine.

That's possible, which is why you should install independent, redundant systems. Some problems are very difficult to catch, even with redundant systems, which is all the more reason to have multiple redundancy.

This sounds like it's more a problem with their safety protocols, and less a problem with the particular circuit that failed.

That's always possible, but I still think that diagnostic/sensor circuits should have been able to catch this without human intervention (IMHO).

EOS failures can do funny things. Single IOs can fail while the rest of the chip works fine. It's hard to catch such problems. Ideally during startup, you'd run a test on every pin to make sure they're all still working. Even if the lightning strike occurred immediately before the crash, I would hope that after being hit by lightning they'd stop and test their systems.

It is trivial to catch such problems. There are alternative circuit designs which are immune to open, closed, and stuck at failures. Usuall

The other commonly used design is input, output and logic voting on dual or triple redundant systems. We have two control systems at work. One uses the former method you described (our control system), the other uses voting mechanisms and is our SIL rated emergency shutdown systems.

Though there are plenty of companies who use the SIL rated systems for standard control applications due to their ability to cope with complete circuit failure without any downtime.

Well, any piece of equipment can fail, and of course you'd expect lightning to do serious damage. However a single failure shouldn't be sufficient to cause an accident. A train being halted and a stop signal being raised - that should count as normal operation, not a failure mode. So if a train passes a signal which it shouldn't have, there should be a second system which detects this problem.

The article gives the impression that there was only one such system. That would be a design issue. Typically on Europ

I totally agree. I'd also point out that there is a time-proven backup that we've used in the US and probably Europe for 100 years. If a train stops off-schedule, a trainman grabs a handful of flares and torpedoes (small pouches filled with dynamite that are strapped to the rail; they bang real loud when run over and are a signal to the engineer to stop), walks or runs a mile down-track and uses the flares and torpedoes to stop any approaching train well before it can hit the stopped train.
Why wasn't thi

Do you know the time intervals and stopping distances for this particular line and train set? I'd really like to know if you do. In any case, even if emergency braking for one mile just halved the speed, the energy would be reduced to 1/4 and would have certainly reduced injuries. In any case, running back to protect the train is simple and cheap. No excuse not to do it.

A normal automatic signaling system on high-speed/high-traffic rails works by dividing the track into segments. As a train enters a segment the signaling lights controlling that segment turn to red (and often the system even counts the number of axles/wagons entering the segment). Only if this train enters the next segment (then 'protected' by the signal light in front of that) does the first signal light turn back to green.

Why was such seriously flawed equipment in use for nearly two years without being detected?

Because it hadn't been struck by lightning until now.

It's kind of in the nature of design that you think about how things are going to turn out before they happen. You shouldn't have to wait for a lightning strike to find out that your signal doesn't fail safe.

Why was such seriously flawed equipment in use for nearly two years without being detected?

Because it hadn't been struck by lightning until now.

If this analysis is true, the designers are not familiar with the term "fail safe".

I'm an engineer with over a decade of experience in the signalling business (although thankfully not the Chinese one). Fail Safe is what it's all about.

Note to Slashdot editors - your summaries really suck lately: TFA says "A lightning strike triggered the malfunction". That is NOT a "circuit flaw". It is an externally induced failure (which the system should detect) and to compare the two terms is to compare rocks with pudding.

Just to let people be aware, there has been significant controversy (as far as that is possible in China, and also in overseas communities such as the Chinese community in the USA) in terms of handling of the disaster.

For example, soon after the train crash, the crashed trains were moved off the elevated rail and (literally) buried "to let the other trains run on time"; this was criticized as being too early a move (10 h after the crash), without a thorough enough search for survivors. Reporters were barred from the scene, and pleas from the families of the train crash victims to search through the wreckage were ignored. Indeed, 20h after the crash, one of the uniforms (acting against his orders) was able to locate a 2-yr-old girl still alive; she has been transported to the hospital and is now in good condition, and people are trying to figure out how to tell her that her parents both died in the crash. In general, officials from the train lines have been stonewalling, but have been apparently quite forthcoming with compensation money for the families.

Big Engineering isn't kind to poor engineering and management practices - it just leads to Big Disasters. It's a hard lesson to learn and if you watch shows like Engineering Disasters there are plenty in the West who still don't get this. It'll be interesting to see down the track how the mega dams on the Yellow River hold up.

The article is written by Xinhua news staff and contains no technical information at all. The article is mostly your typical layman fluff filled with public outrage, pundit soundbites, and general background information. The lack of details about the nature of the "circuit design flaw" really precludes this from being considered "news for nerds". As someone with experience working in an FDA regulated environment, oversight and accountability of projects and tasks is something I am quite familiar with. I wonder how many (if any) details will emerge that will answer some of the questions the circuit geeks among us would ask. I know it is a poor substitute (and maybe slightly off-topic), but this article from years ago has always stuck with me and constantly reminds me of the perils the electronics industry continues to face.

Probably not, on the surface it looks like bad design. But given how they buried the evidence of the crash (alongside with some bodies, and some apparently still moving) off the tracks before any investigation of the causes, they may never learn what was the problem. But the value of life is not so high in places with a lot of people, so if you're in China, and value your life, you'd better arrange your transportation according to your ideas of safety.

I worked on US rail signaling equipment (Background = Physics PhD). I have never been so impressed with over-designed, fail-safe equipment. They plan for everything, including multiple lightning strikes. They do such things as positioning their relays upside down so that the armature falls to NC by gravity if the spring breaks. They have many years of experience, and all of our equipment is for sale. I think the NIH mentality bit China in the arse this time.

I worked on US rail signaling equipment (Background = Physics PhD). I have never been so impressed with over-designed, fail-safe equipment. They plan for everything, including multiple lightning strikes. They do such things as positioning their relays upside down so that the armature falls to NC by gravity if the spring breaks. They have many years of experience, and all of our equipment is for sale. I think the NIH mentality bit China in the arse this time.

If you pay attention to the accidents, you will see the train accidents are almost always due to human error, not signaling equipment failure. Drivers going thru flashing red signals, engineers under the influence or texting, and occasional sabotage. Signal equipment almost always fails safe. This causes very annoying (but safe) delays while the equipment is fixed.

If you pay attention to the accidents, you will see the train accidents are almost always due to human error, not signaling equipment failure. Drivers going thru flashing red signals, engineers under the influence or texting, and occasional sabotage. Signal equipment almost always fails safe. This causes very annoying (but safe) delays while the equipment is fixed.

I'm aware of that, but I see it as a deficiency in the design scope of safety equipment.

Still, from statistics, the US rail safety record is hardly stellar: http://ilookchina.net/2011/07/25/high-speed-rail-tragedy-in-china-reveals-small-minds-in-the-west/ "In 2007, there were thirty-three rail accidents listed for the world, and the United States had nine (27% of the total) killing seven and injuring more than a hundred, while India had three accidents killing 80 and injuring twelve.

China (ruled by what Charles Lane calls the unelected elite) had two rail accidents killing four and injuring two."

If you look at the death and injury totals, though, the US has lower numbers. The number of accidents may be greater, but it appears as though the severity of each accident is considerably lower, especially given how high of a volume the US tends to have.

Then again, we probably also have slower rails, meaning the collisions aren't at as high of speeds, reducing the severity of collisions. Who knows what those numbers mean aside from the fact that we have a ton of collisions and the overall severity of th

I see no difference between the Chinese Media and any western country's Media. They just have no idea. In this case, yes, there has been an admission of fault, a fault caused by lightning. OK, put the reporter on the equipment certification panel and decide what tests should be conducted before the equipment is 100% safe to be certified for use. I bet the reporter will think many of the current tests being conducted are stupid or unnecessary. You could check 1,000,000 scenarios but it will be the 1,000,001st

As I pointed out when this first happened,
Hollysys [slashdot.org] claims to have designed and built the signalling system. They issued a denial that the system failed. [prnewswire.com]
Now we have a unit of "China Railway Signal & Communication Co" taking responsibility. They're affiliated with what used to be General Railway Signal in the US, which is now part of Alstom. It's not clear who built what here. "China Railway Signal & Communication Co" may be the installation contractor.

A little of what happened is clear. There are two separate systems involved. One is classic railroad signaling, with track circuits, wayside equipment, and cab signals. The classical designs are simple and robust. That's the safety-related system. The other is the train control system which uses a unit at the head and tail of each train, communicating to a central headquarters. Those systems are elaborate and computerized, but not considered life-safety systems.
Either system is normally sufficient to prevent collisions.

In normal operation, the train control system does most of the work. It knows about train identity, schedules, and speeds. If the train control system is working right, the safety-related system never intervenes.

In a power failure, though, the train control system can lose contact with a train, since it uses active equipment on each train. That probably happened here. With a total power loss, the dead train isn't reporting to central control.

The safety system, on the other hand, detects trains because the wheels connect the rails together, normally has battery backup, is supposed to be very robust, and is intended to fail to STOP. Even after lightning strikes and a total power failure, it should still work. (Such systems have been taking lightning hits for a century without problems. Lightning hits railroad tracks and pole lines frequently; in flat country, they're the lowest resistance path to ground.)

But the safety system is high-maintenance. There are bits of it all along the lines; track circuits, wayside equipment, signal enclosures, and various other little and big boxes, all of which need attention. Keeping railroad signalling working right requires a large staff of dedicated, well-supervised signal maintainers. Since the systems are designed to fail to STOP, maintenance failures tend to result in red signals.

If the train control system shows the line as clear, and the safety system shows STOP, this normally triggers an emergency brake application. For a high speed train, that takes several kilometers and can cause wheel flattening. (Train wheels have steel "tires", which have to be replaced periodically. An emergency stop takes a lot of life off a tire.)

The question here is what happened to the safety system. Was there over-reliance on the train control system? Was the safety system bypassed to avoid unwanted emergency stops? That's speculation at this point.
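The two designs contrasted in the thread (the "report back" watchdog idea above, the segment/block signaling description, and the closed-loop track circuit plus train-control heartbeat laid out in this post) can be shown side by side in a small simulation. This is an added, constructed example, not any railway's or vendor's code: a closed-loop track circuit reads any loss of energy as STOP, while a fail-unsafe detector that must actively assert "occupied" stays green when the detector itself dies, which is the failure mode TFA describes. The block names, train id and timeout value are made up.

```python
"""Fail-safe (closed-loop) vs fail-unsafe (open-loop) block occupancy.

Constructed toy model. A track circuit feeds a low voltage into one end of a
block and holds a relay picked up at the other end. Current flowing through
the rails means CLEAR. A train's axles short the rails and drop the relay, so
the block reads OCCUPIED. Lightning, a cut wire or a dead feed also drop the
relay, so every fault looks like a train and the signal falls to STOP.
"""
from dataclasses import dataclass, field

STOP, CLEAR = "STOP", "CLEAR"


@dataclass
class TrackCircuit:
    power_ok: bool = True          # battery/feed alive
    rails_continuous: bool = True  # no broken bond wire or rail
    axles_in_block: int = 0        # shunts across the rails

    def relay_energized(self) -> bool:
        """Closed loop: the relay holds up only when everything is healthy."""
        return self.power_ok and self.rails_continuous and self.axles_in_block == 0


def closed_loop_aspect(tc: TrackCircuit) -> str:
    """Energy means CLEAR; absence of energy means STOP. Any fault removes energy."""
    return CLEAR if tc.relay_energized() else STOP


def open_loop_aspect(tc: TrackCircuit, detector_alive: bool) -> str:
    """Fail-unsafe variant: a detector must actively assert 'occupied'.
    If the detector is dead (say, after a lightning hit) nothing asserts
    occupancy, so the lamp stays green with a train sitting in the block."""
    occupied_reported = detector_alive and tc.axles_in_block > 0
    return STOP if occupied_reported else CLEAR


@dataclass
class TrainControl:
    """Central train-control view: depends on each train reporting in."""
    heartbeat_timeout_s: float = 10.0                    # assumed value
    last_report: dict = field(default_factory=dict)      # train_id -> (block, t)

    def report(self, train_id: str, block: int, now: float) -> None:
        self.last_report[train_id] = (block, now)

    def block_clear(self, block: int, now: float) -> bool:
        """False if a train is known in the block, or if any train has gone
        silent: a silent train's position is unknown, so no block it could
        have reached may be called clear (the watchdog idea from the thread)."""
        for _train, (b, t) in self.last_report.items():
            if b == block or now - t > self.heartbeat_timeout_s:
                return False
        return True


def interlock(train_control_clear: bool, track_aspect: str) -> str:
    """Both systems must agree the block is clear; either one saying STOP wins."""
    return CLEAR if (train_control_clear and track_aspect == CLEAR) else STOP


def lightning_scenario() -> dict:
    """Stalled train in block 7 after lightning kills the wayside feed and the
    train's own reporting unit. Values are constructed for the example."""
    tc = TrackCircuit(power_ok=False, axles_in_block=32)   # dead feed, train present
    ctrl = TrainControl()
    ctrl.report("D301", block=7, now=0.0)
    now = 60.0                                              # train silent for a minute
    control_clear = ctrl.block_clear(7, now)
    return {
        "closed_loop": closed_loop_aspect(tc),                        # STOP
        "open_loop": open_loop_aspect(tc, detector_alive=False),      # CLEAR (green lamp)
        "control_clear": control_clear,                               # False
        "interlock_closed": interlock(control_clear, closed_loop_aspect(tc)),
        # Over-reliance: if train control alone is trusted, the open-loop lamp wins.
        "interlock_open": interlock(True, open_loop_aspect(tc, detector_alive=False)),
    }


if __name__ == "__main__":
    for name, value in lightning_scenario().items():
        print(f"{name:17s} {value}")
```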

(Train wheels have steel "tires", which have to be replaced periodically. An emergency stop takes a lot of life off a tire.)

Since you seem to know a lot about trains, do you know anything about where hybrids with power storage have gone, if anywhere? Last I heard they couldn't make them reliable. I have often thought that replacing all the trucks or whatever the wheel packages are called with a power system would be the only way to go, though it would be heinously expensive and thus probably unworkable for the foreseeable future.

General Electric is coming out with a diesel-electric with battery storage [getransportation.com] to recover some of the energy used in braking. Dynamic braking on diesel-electrics normally dumps the energy into (huge) resistors, and that can be put into batteries, if you want to carry all those batteries around. Whether this is a win depends on the way the loco is used. It's probably a win for switch engines, which stop and start frequently, and a loss for road locos on long runs, which don't.

General Electric is coming out with a diesel-electric with battery storage to recover some of the energy used in braking.

Several hybrid locomotives (with battery storage) have been produced, at least as prototypes, and all have been massive failures due to the inability to store a useful amount of power so quickly as is needed in this context. What's different about this attempt that will lead it to succeed?

China uses many companies. Does anyone know who made the equipment that broke?

This article talks about their CTCS which is the Chinese Train Control Software based on the European Train Control Software and something called the LKJ automatic control system: Wiki only says Lieche Yunxing Jiankong Jilu Zhuangzhi – device used for train control and monitor in China Railways.

Probably one presumably in China that copied an existing control system from somewhere, but due to cost (or whatever?) didn't follow everything to the letter and took shortcuts, and a faulty controller being the result.

Happens so often everyone doesn't even think of it anymore. One of the risks in the manufacturing process in China.

With all due respect, but I wonder where to? Most high quality goods also are manufactured in countries like Japan, Korea and China. Maybe you haven't noticed, but the Chinese themselves know all too well that most of the stuff they export is crap. They generally won't use it themselves, but use something better. The fact is, people from the west ordered this crap. They did that, because they don't want the quality, just the low price. You pay for what you get and you get what you ordered. If you don't like

Have you been to China? They are not like the Japanese, who do keep the best products in the domestic market (because Japanese consumers are extremely discerning and Japanese producers understand them best). Far from it.